# System Logs

## Overview

**Evidence:** System Logs\
**Description:** Collect System Logs\
**Category:** System\
**Platform:** linux\
**Short Name:** sysl\
**Is Parsed:** No\
**Sent to Investigation Hub:** No\
**Collect File(s):** Yes

## Background

Linux syslog contains comprehensive system-wide logs including application messages, system events, and daemon activities. It's the primary logging facility on Debian-based systems (Ubuntu, Debian) and captures all non-kernel system messages.

## Data Collected

This collector gathers the system log files themselves (see Collection Method). The files are collected as-is and their contents are not parsed by the collector.

## Collection Method

This collector gathers syslog files matching `/var/log/syslog*`, including rotated logs, which contain timestamped system events and application messages.

## Forensic Value

Syslog is critical for investigating system events, application activities, service failures, and security incidents. It provides a comprehensive timeline of system operations essential for incident response and forensic analysis.
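The following is an added example (not part of this collector's own code) showing what an analyst typically does with the files described under Collection Method and Forensic Value: enumerate `syslog*` including gzip-compressed rotated copies, hash each file, and merge the traditional BSD-style lines into one timestamp-ordered timeline. It assumes the classic `Mon DD HH:MM:SS host prog[pid]: msg` format and takes the year as a parameter, since that timestamp carries no year; the sample log lines are constructed.

```python
import gzip
import hashlib
import re
import tempfile
from datetime import datetime
from pathlib import Path

# Traditional BSD-style line as written to /var/log/syslog, pid optional:
#   "Mar  3 14:05:09 host sshd[1234]: message"
LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

def syslog_files(log_dir):
    """Current syslog plus rotated copies (syslog.1, syslog.2.gz, ...)."""
    return sorted(Path(log_dir).glob("syslog*"))

def sha256_file(path):
    """Hash each collected file so the copy can later be verified against the source."""
    return hashlib.sha256(path.read_bytes()).hexdigest()

def read_lines(path):
    """Rotated logs are usually gzip-compressed; open them transparently."""
    opener = gzip.open if path.suffix == ".gz" else open
    with opener(path, "rt", encoding="utf-8", errors="replace") as fh:
        for line in fh:
            yield line.rstrip("\n")

def parse_line(line, year):
    """BSD timestamps have no year; the caller supplies it (e.g. from file mtime)."""
    m = LINE_RE.match(line)
    if not m:
        return None  # unparseable lines are skipped, not fatal
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "prog": m["prog"], "pid": m["pid"], "msg": m["msg"]}

def build_timeline(log_dir, year):
    """Merge every syslog* file into one list of events ordered by timestamp."""
    events = []
    for path in syslog_files(log_dir):
        events += [e for e in (parse_line(l, year) for l in read_lines(path)) if e]
    return sorted(events, key=lambda e: e["ts"])

def make_sample_dir():
    """Constructed sample data (not real logs): a live syslog and one rotated .gz copy."""
    d = Path(tempfile.mkdtemp())
    (d / "syslog").write_text(
        "Mar  3 14:05:09 web1 sshd[1234]: Accepted publickey for alice from 10.0.0.5 port 5022\n"
        "Mar  3 14:05:10 web1 systemd[1]: Started Session 7 of user alice.\n")
    with gzip.open(d / "syslog.2.gz", "wt") as fh:
        fh.write("Mar  2 09:00:00 web1 cron[881]: (root) CMD (run-parts /etc/cron.hourly)\n"
                 "garbage line that does not parse\n")
    return d
```

Point `build_timeline` at a collected copy of `/var/log` rather than the sample directory to merge real rotated logs the same way.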
